Date: Fri, 3 Dec 1999 18:21:57 -0500 (EST) From: Brian Fundakowski Feldman <green@FreeBSD.org> To: Dan Harnett <danh@wzrd.com> Cc: Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.org Subject: Re: Other outstanding vulnerabilities Message-ID: <Pine.BSF.4.10.9912031818330.33485-100000@green.dyndns.org> In-Reply-To: <19991203153353.5FB085D026@mail.wzrd.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 3 Dec 1999, Dan Harnett wrote: > Hello, > > It has been my experience that the setsockopt() DoS can be avoided by setting > NMBCLUSTERS to a reasonably high level and setting a limit on the number of > file descriptors that any given user can use (be it through the shell or through > /etc/login.conf). I realize this is not a fix, but it seems to work until there > is a fix available. There is a limit to socket buffer total size in 4.0. You can wait for that to come out, or possibly MFC it yourself (not too hard.) There is also work to make these resource shortages less harmful (i.e. not panic), but that's not quite done yet. Look for "sbsize". > > Dan Harnett -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9912031818330.33485-100000>